URLMON.DLL does not properly validate IDN containing double-byte character sets (DBCS), which may lead to remote code execution. Exploiting this vulnerability seems to need a lot of more work but we believe that
exploitation is possible.